Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
allow origin isn't sufficient to resolve CORS issue
See original GitHub issueDescription
Adding allow origin and allow headers at template.yaml and returning Access-Control-Allow-Origin in the lambda response body seems insufficient to resolve cross origin issue after deploying the lambda service.
Steps to reproduce
sample of template.yaml
Globals:
Function:
Timeout: 60
Api:
Cors:
AllowMethods: "'POST,OPTIONS'"
AllowHeaders: "'*'"
AllowOrigin: "'*'"
AllowCredentials: "'*'"
Resources:
EndpointFunction:
Type: AWS::Serverless::Function
CodeUri: api/v1/
Handler: endpoint.lambda_handler
Runtime: ruby2.5
Events:
Endpoint:
Type: Api
Properties:
Path: /api/v1/endpoint
Method: post
sample of endpoint.rb
def lambda_handler(event:, context:)
{
statusCode: 201,
headers: {
'Access-Control-Allow-Origin' => '*',
'Content-Type' => 'application/json'
}
}
end
Observed result
Access to XMLHttpRequest at 'https://<random-sha>.execute-api.<aws-region>amazonaws.com/prod/api/v1/endpoint' from origin 'https://<domain>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Update: This turned out to be a url of lambda service is being case sensitive. Aside from that, there is currently no way to set multiple domains for allow origin. Also, the hassle way of defining an option function doesn’t seem to work either at least local #1434
Expected result
able to make request from the browser
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
sam --version: 0.22.0
Issue Analytics
- State:
- Created 4 years ago
- Reactions:3
- Comments:11 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@kimyu92 were you able to make requests from the browser? if possible could you point me to your code so that I may study it? I’m having
Cross-Origin Request Blocked: ... CORS header ‘Access-Control-Allow-Origin’ missingfor a simple POST request@kimyu92
Are you seeing CORS issues with the Lambda Service or locally with SAM CLI? It sounds like this is an issue you are having with the Service.
This is a limitation of API Gateway: https://stackoverflow.com/a/39628785
We have a open PR addressing this issue: https://github.com/awslabs/aws-sam-cli/pull/1464